I don't know about reports, but I've tried most of the OSS implementations of search and basically decided to stick with 2.5.x and the ossec-web interface and look into possibly updating it to work with 2.6 in the future.
--
James Pulver
Information Technology Area Supervisor
LEPP Computer Group
Cornell University

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Patrick
Sent: Monday, August 29, 2011 9:01 AM
To: ossec-list
Subject: [ossec-list] Splunk vs Base vs ?

I am looking for a web frontend that managers and non-system users can create reports from without needing direct access to the OSSEC server.

I have set up Splunk with the Ossec4splunk app and it looks very promising except for a huge glaring issue that isn't being answered by the app owner. (see my postings -- http://splunk-base.splunk.com/answers/29021/ossec_agent_statuspy-v-on-local-server-timeout-exceeded-error).

So my questions to this group ... Is there something else besides Splunk or Base (which the integration with OSSEC seems to be dead)? Is anyone else using Splunk with a large number of clients (>1500)? Or is there another way to accomplish this without a web interface?

Thanks!
